126 comments

[ 2.4 ms ] story [ 71.1 ms ] thread
In some ways we already are. For instance if I use my supermarket loyalty card, they let me save around 1-2% on my purchase in exchange for the better tracking they get.
I've seen the discount being more like 25%. Hell, pretty much any product at Safeway has a "Safeway price" that practically forces you to use the discount card.
That's when they raise the list price to $4.29 for a box of Triscuits rather than the $2.99 they are most of the rest of the time.
There's no way one person's data is worth a 25% discount surely. That strategy must be something like, have the sales we were going to have anyway (to attract customers to the store), but make the card required to get them.

At the supermarket I'm thinking of, with the 1-2% discount, there'll still be normal sale items that don't require the card, and then extra discounts that only the card gives you. Actually I just remembered the card earns you reward points as well (albeit slowly), so the total amount you "save" is indeed a little more.

How much of this discount is for tracking, and how much is pure price discrimination?

The barrier of carrying a card allows the supermarket to give a discount to customers who are motivated by that, without needing to give the same discount to everyone.

The value of the tracking is probably irrelevant to how they set the price: it is not that loyalty card discounts have increased since tracking has become more valuable.

Yes, the loyalty card should be named "loyalty and tracking card", and we don't know how the discount is divided over both.
I've never actually used a supermarket loyalty card connected to my real persona. Either the information has all been fake, or I've used somebody else's.

At the end of the day, I use the same credit card every time I shop, so I'm sure that they can harvest all their data from that. But I feel like it's a bit of a "fuck you" to the system that my loyalty card says I'm a 40 year old woman.

They don't really care though. The point of a loyalty card is to connect all of your purchases to one person or household. Knowing the age and gender of that person is interesting, but not really necessary.

These supermarkets want to know if there is a correlation between you buying X frequently, and Y occasionally. They want to know if your profile is that of a bargain hunter or a premium gourmet hobby chef. Knowing all that, they can offer you tailored deals designed to nudge your spending behaviour one way or another, and they can determine if a specific store location should focus more on certain groups of customers.

I've had this idea in the bucket of "crazy things I'll never do" which is similar to this, half art-piece, half serious:

- Users sign up to an ad network and they insert all information about themselves, the more, the better.

- They are periodically prompted to add or update their data (like facebook asking you if you're still living in the same city).

- An adblock-like browser extension, replaces all ads they see with the own network's ads, which are highly targeted, and hence get much more money than regular ads for the ad network.

- The ad network is setup as a non-profit foundation which pipes all the revenue into donations to institutions doing work related to privacy initiatives (EFF and similar).

- Users are shown how much money their willingful lack of privacy has generated for privacy initiatives.

It's a play on using the argument of "I have nothing to hide" in order to advance actual privacy legislation and protections. If someone builds this, I'd sign up and use it.

This is pretty similar to the Brave browser model, except that Brave sells your browser history instead of asking you about your information.
Brave definitely does not sell your browsing history. In fact, they don't even have the ability to access it...
> Brave definitely does not sell your browsing history

This might be true.

> In fact, they don't even have the ability to access it...

This is clearly false on the face of it. Obviously the browser has access to the browsing history.

Brave claims on https://brave.com/hc-privacy/ that "When Brave Ads launches later this year, all personal data and browsing history will remain on-device and will not be transmitted to Brave or anyone else.". This implies that they will use personal data and browsing history, but attempt to anonymize it in some unspecified manner before selling it. Of course, as Netflix can attest, this is much harder than it sounds, and I highly doubt that Brave is up to the task.

(comment deleted)
Actually, the privacy is vastly improved compared to all the tracking required at a half-ass attempt at reaching that same info.

Also it is information the user voluntarily gives up which is also a big difference.

> An adblock-like browser extension, replaces all ads they see with the own network's ads, which are highly targeted, and hence get much more money than regular ads for the ad network.

That's all fun and games, as long as you realize that all browser-extensions capture your keypresses, all data on all pages, and et cetera. All browser extensions see everything you do, and everything you type, and et cetera.

What a bunch of fear-mongering...

Browser extensions are subject to a permissions system, just like apps. Their code is also fully visible to you, and fully sandboxed.

The only real danger to extensions right now is that they can auto-update without a user review, and thus can "turn evil". It's happened to a handful of popular extensions (eg. Stylish).

Requiring the user to manually update extensions has its own share of problems though, so I'm not even sure if I disagree with browsers makers decision to auto-update.

But the claim that "all extensions are keyloggers" is just blatant nonsense.

Must be a lot of extension-developers here. Looks like your comment got moddet to bits.
Please don't open new accounts just to reply to your own misinformed comments.
This isn't 2010 anymore, WebExtensions depend on permissions given by the user, and while this still could be improved, it is no longer a "free for all" like it used to be.
Yeah, they did this in the 90s: https://en.wikipedia.org/wiki/AllAdvantage

My buddy's brother worked for them, and we each made a couple hundred bucks before it went out of business.

Tl;dr people gamed the system to make a ton of money, and advertisers realized people weren't actually looking at or clicking the ads.

This is different though, because the user themselves does not get a portion of the income. In fact, click fraud is much less likely with this idea than with current web advertising, because with current web advertising, site owners are incentivized to click on their own ads to generate profit. Under this model, EFF would have to go pretend to be other people and click on everybody else's ads, a pretty long con.
A decentralized trust system for financial value transfer. Sounds a lot like a cryptocurrency application to me.
> Users sign up to an ad network and they insert all information about themselves, the more, the better.

What people think they like, and how they behave don't always correlate. Especially when it comes to spending money.

Data gathered measuring actual user behavior will always be miles ahead of filled in questionnaires.

I remember reading one of Bill Gates’ ideas to reduce spam. Charge a nominal fee for each e-mail sent, from memory, it was something like $0.000001 USD per e-mail.

It never took off, of course, but it’s important for us as a society to come up with better solutions than “Trust Zuck” or let company lawyers win with their horribly user-antagonistic end-user licence agreements (EULA).

As an aside, I find it fascinating how lawyers aren’t getting much of the blame in all of this debate around data. Who actually writes and/or approves most of these policies? The legal eagles, that’s who.

Let’s at least debate the alternatives to the current adtech dominance of the most popular online platforms (Facebook, Google search, Android OS, Apple’s App Store ads, etc.).

edit: fixed spelling mistakes, added the ‘as an aside’ para.

“Funding a civilization through advertising is like trying to get nutrition by connecting a tube from one’s anus to one’s mouth.”

― Jaron Lanier

Ha! Reminds me of the late, great, Bill Hick’s seminal piece on marketers and advertisers: https://youtu.be/tHEOGrkhDp0

I oft wonder how much disdain Bill Hicks would have for the tech bros and the Orwellian apparatus many large tech companies have created.

The quote is semi ironical because Jaron Lanier is featured in this article and actually supports these machinations.
But he's wrong though, isn't he?

I mean, marketers and advertisers simply recognize what already exists. Yes, there is an "anger market". Yes, there are certain things that work to attract people prone to "being angry".

Overall, I find Hicks to be a bit overvalued. At least the bits that get circulated the most. The bit about advertisers and the bit where he "destroys" a heckler, which is just him hurling basic abuse at someone. There's nothing really funny or particularly witty in it, just "Go kill yourself" over and over again. I think he plays to a certain demographic that wants to feel as if they've figured out the secret and that the secret is it's all going to shit.

I'd imagine he'd have a diatribe about "tech bros" that would pretty much consist of saying they should kill themselves in various ways.

Not sure if he is wrong, per se, as his arguments do have some merit.

Re: "marketers and advertisers simply recognize what already exists."

Yes, but they encourage consumption, purchasing and/or commercial activities. They are not doing it for the sake of a 'good cause' or because they believe in it (although they may), their incentive is to make money.

That's what I believe Bill Hicks was attacking in this segment. Their unrelenting ability to turn anything into a commercial endeavour - even when it is not present.

What in here (https://genius.com/Bill-hicks-on-advertisers-and-marketing-a...) is an actual critique on what marketers do? What's the argument?

It's all "kill yourself" some reductive thoughts about how they identify markets followed by a snide remark about marketing arsenic as a childhood sleep aid. Only that last jibe could be said to be anything approaching an actual critique. The rest is just plain abuse.

You think Hicks was doing it for the sake of a 'good cause' or because there was money in it? But that's part of the rub, isn't it? You can't really buy in without selling out. It's the same sort of dilemma that exists with a band like Rage Against the Machine. They advocate all of this stuff, all of this anti-commercialism, etc, but fully take part in it.

"Oh noes, they're encouraging me to buy things. The horror"

Fuck man, at least they're honest about what they're trying to do. Not everyone is.

Likely have to agree to disagree on this one. It's a comedy piece for one, and it's an opinion at that, but what is the critique Bill Hicks is making in the Youtube link I shared? I think it's best summed up with "you are filling the world with bile and garbage".

And honest about what they do? That seems wildly inaccurate. Like any profession, there are honest advertisers & marketers and there are dishonest ones, but the incentive of advertising is to influence purchasing decisions, and marketing to promote awareness, encourage consumption, and/or generate new revenue.

What would you have (had) Rage Against the Machine do? Stop making music that people enjoy and relate to? Or, should they do what the KLF did and (allegedly) burn a million dollars in cash one night and renounce all future songwriting and performance royalties? What would that achieve apart from an artistic statement?

Lastly, by your definition, aren't Rage Against the Machines just good at marketing? Or is licencing one's music to a large music label perhaps the most effective method of advertising their beliefs and opinions? Playing to larger audiences or making coin from their trade, doesn't necessarily mean they are hypocrites.

--- edit: minor typo fixes, refined some sentences

Where's the humor? What's the joke? Explain how it's funny.

He doesn't explain how it's filling the world with bile and garbage, that's just a claim. And sure, it may qualify as criticism, but it's empty criticism. You could easily say that about most things. Bill Hicks is filling the world with bile and garbage. You'd want me to qualify that. Defend it, prove it. Something you're not asking of him.

Yes, advertisers want you to buy shit. Anyone who works in advertising will tell you that their job is to get you to buy shit. Advertising's job is to get you to buy shit. Maybe one brand of shit over another. Or shit you may not necessarily need, but all the same. You may disagree with the utility of what they're trying to sell you, but that's kind of irrelevant. The job itself is to make the product appealing enough to purchase.

You can bitch about advertisers who take on clients of products known to be harmful. That companies that do advertising for cigarettes are morally suspect. But the job in and of itself is no better or worse than a lot of others. Do you think Hicks blamed advertisers for making him a chain smoker? Then again, he was mostly a chain smoker to deal with his other addictions. But last time I checked most illegal narcotics don't have an advertising arm. Unless you count Bill Hicks, who advertised for them essentially for free.

Also, don't use acronyms unless you are going to explain what they mean. The only hit for KLM I got was the Royal Dutch Airline. It was only once I searched "KLM burning money" that I got the result that I think you were talking about, the KLF burns a million quid. And apparently, they went on a lecture circuit after that, Bill Drummond started writing, Jimmy Cauty continued as a music producer (which I don't know how that fits in with the whole "renouncing the industry" bit) and artist. So it's not like they fucked off and became bus drivers. They still leveraged that fame. And they regard that stunt as a mistake now.

As for Rage Against the Machine, I do see their predicament. They could go full Fugazi and reject most of the corporate structure, but then their reach becomes much less. Your message can't really reach.

And here's the thing, I'm not totally against what they're doing. I do think it's a bit ironic preaching anti-consumerism using the vehicle of consumerism to get your message. "Buy this thing that tells you that buying things is stupid". I think they're wrong in rejecting the entire notion of consumerism. Just like Hicks is wrong in rejecting the entire notion of advertising and marketing (which is a bit of an anti-consumerist screed). But the answer isn't to become a charge card wielding shopaholic either. No matter the extreme you go to, you've gone to the wrong one. Extreme isn't the answer, ever. There is value in a lot of things.

Well, I find the Bill Hicks skit funny :) If you don’t, then all power to you.

Some people think the Smurfs is a nice, cute cartoon and others see a Marxist village led by a misogynistic Karl Marx figure. They’re both just perspectives, a la, the Rashomon effect.

And the KLM to KLF thing was a typo. People make mistakes - myself included!

Another similar project was Hashcash which would have a hard computing problem (inversing a sha256 hash) to be performed on each email sent. It also didn't catch on in its original purpose but it is famously used with cryptocurrencies. See https://en.m.wikipedia.org/wiki/Hashcash
Building off of that $0.000001 USD per email thing, has anyone proposed a proof of work per message sent system? Sort of like the server accepting messages says "hey find some value x where the first n digits of hash(nonce + x) are zero". So the server sending the message could decide if it really wants to complete the work.

It may be a total pain for users if servers set their proof of work really high and reject everything, but maybe it could be implemented to work well, thus limiting spam.

This would have the same effect as Gates's idea, but compute power is easier to come by than real money.

What you're describing is Hashcash, which is the first implementation of the idea, and is the basis of how Bitcoin came to the idea of proof-of-work.

The reason why Hashcash and other pay-per-email ideas didn't work out is because spammers effectively wouldn't have to pay (since they're not using their own computers and accounts to send spam) but people who have legitimate reasons to send bulk email (say, the Linux kernel mailing list) would have to pay pretty high costs.

> I remember reading one of Bill Gates’ ideas to reduce spam. Charge a nominal fee for each e-mail sent, from memory, it was something like $0.000001 USD per e-mail.

I remember the late 90's debates about how to fix the spam problem. Everyone and their dog all had bad off-the-cuff ideas similar to this one on how to "obviously" fix it. There were so many that someone eventually created a great form-based catch-all reply to them all; a copy can be found here: (https://craphound.com/spamsolutions.txt); quoted below.

Your post advocates a

( ) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses

( ) Mailing lists and other legitimate email uses would be affected

( ) No one will be able to find the guy or collect the money

( ) It is defenseless against brute force attacks

( ) It will stop spam for two weeks and then we'll be stuck with it

( ) Users of email will not put up with it

( ) Microsoft will not put up with it

( ) The police will not put up with it

( ) Requires too much cooperation from spammers

( ) Requires immediate total cooperation from everybody at once

( ) Many email users cannot afford to lose business or alienate potential employers

( ) Spammers don't care about invalid addresses in their lists

( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it

( ) Lack of centrally controlling authority for email

( ) Open relays in foreign countries

( ) Ease of searching tiny alphanumeric address space of all email addresses

( ) Asshats

( ) Jurisdictional problems

( ) Unpopularity of weird new taxes

( ) Public reluctance to accept weird new forms of money

( ) Huge existing software investment in SMTP

( ) Susceptibility of protocols other than SMTP to attack

( ) Willingness of users to install OS patches received by email

( ) Armies of worm riddled broadband-connected Windows boxes

( ) Eternal arms race involved in all filtering approaches

( ) Extreme profitability of spam

( ) Joe jobs and/or identity theft

( ) Technically illiterate politicians

( ) Extreme stupidity on the part of people who do business with spammers

( ) Dishonesty on the part of spammers themselves

( ) Bandwidth costs that are unaffected by client filtering

( ) Outlook

and the following philosophical objections may also apply:

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical

( ) Any scheme based on opt-out is unacceptable

( ) SMTP headers should not be the subject of legislation

( ) Blacklists suck

( ) Whitelists suck

( ) We should be able to talk about Viagra without being censored

( ) Countermeasures should not involve wire fraud or credit card fraud

( ) Countermeasures should not involve sabotage of public networks

( ) Countermeasures must work if phased in gradually

( ) Sending email should be free

( ) Why should we have to trust you and your servers?

( ) Incompatiblity with open source or open source licenses

( ) Feel-good measures do nothing to solve the problem

( ) Temporary/one-time email addresses are cumbersome

( ) I don't want the government reading my email

( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.

( ) This is a stupid idea, and you're a stupid person for suggesting it.

( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Companies will argue, either rightly or wrongly, that people are already getting paid... Just not in cash. Google Maps is free for me to use, so long as I relinquish location data necessary for it to function, which Google can then use as they please to analyze what businesses I frequent, where I live, what type of transportation I use, etc.
You don't have to give them that data. It's still free because they can serve ads based on where you're searching.
I disagree. The modern act of viewing a digital ad produces more data than people realize. How long you looked at an ad, whether you clicked it, whether you skipped it or tried to hide it, etc. All of those implicit actions create data that is then surrendered to the collector.
Yep, no argument about user metadata. My point was specifically about location data, which users do not have to give.

> Google Maps is free for me to use, so long as I relinquish location data necessary for it to function

Google maps is not free. The end user will perceive it is free, but businesses will become dependent on embedding google maps into their site, then will have to pay for said maps. This actually came up recently.

The same is true for email. The end user will perceive it is free, but businesses have to pay into whitelists based on volume. The costs are then passed on the the customers. So not only is it not free, you pay for it even if you don't use it.

By your definition, what would you consider a free thing?
I would consider something free if nobody had to pay anything for it.
Right, but can you give an example? I think there’s a credible argument that nothing is free according to your definition.
That is in fact my point. There are no free services.
(comment deleted)
There are a bunch of apps and websites that do this already. Google Play Rewards is probably the most reputable, but they're easy to find and advertise themselves aggressively.
Google Play Rewards is a good example of how little people realise the worth of their data though. (Google Play Rewards tends to pay rather little, and in currency only redeemable at the company store.)
(comment deleted)
The value of my data is not that it can train a statistical model about preferences of developers in their 30s - that's absolutely marginal. My personal data is useful in itself as a proxy for my own life, my preferences, my buying habits, it's a map on how to influence and predict my behavior, possibly against my will.

A company having exclusive access to all my personal data, emails, etc. can for example, infer that I have an urgent need to buy an airline ticket to visit my sick father, and extract my reserve price for that ticket, as opposed to an average price for all passengers. Or it can deduce the minimal paycheck I am willing to accept for a job.

So even in the unlikely case I can recover the full value of my data from the market, I haven't really earned anything. My information differential is a competitive advantage in the market, and selling it is self defeating, companies are not selling or giving their data back to me. So the more data you sell or give, the larger the asymmetry grows until the only deals you can make are bad deals.

Edit: I can neither confirm nor deny I am developer and/or in my 30s

In your example you're assuming that there is monopoly control over whatever product you're trying to buy. But that's usually not the case: there is more than one airline, for example.

If it were possible to market products exclusively to people who wanted that exact product, companies would no longer need to waste money on broadly targeted advertising and compete more directly on price and product features and not on marketing budget. You would get "paid" in cost savings.

Of course that's generally not really possible no matter how much of your data marketers could reasonably know about. A grab bag of "data" from an individual person barely predicts much of anything, which is the real reason there isn't much of a market for it.

Indeed - but markets are rarely perfectly competitive, to negate any advantage price discrimination can bring. For example, it's often the case a route/date combo is offered by a single airline.

I also agree that information can be beneficial for me, helping companies finding me easier without spending on advertising etc. But in that case, I would simply give that information away and share it as broadly as possible (for example, by searching multiple sites for the products I am interested in); so that side of the coin is not relevant for someone selling his information.

You can buy the ticket anonymously. There doesn't have to be any link between data about your grandfather and your identity you're using to buy the ticket. Why would you even give anyone data about your grandparents?
> You can buy the ticket anonymously. There doesn't have to be any link between data about your grandfather and your identity you're using to buy the ticket.

How do you propose buying an airplane ticket anonymously?

On some booking sites it might actually be a good idea to open them in incognito mode, and you can get a quote without them using data linked to you.
I've noticed tracking that can track across browsers and their incognito modes even with ublock origin enabled. It may have tracked me by ip, I don't know but I feel like we're getting to the point where the existing incognito modes are useless.
Today: Anonymous mode. I've maybe chosen a wrong word. I meant independently from your "other" identity.
> Today: Anonymous mode. I've maybe chosen a wrong word. I meant independently from your "other" identity.

Well, except for the part where you have to enter your legal name and date of birth.

So would the store inflate the price after you entered your name, or not show any price before entering a name? Neither is probably that good for business
And you entered your legal name and birth to your email provider? You provided your email company that you know is selling this data with all this? Why?
Company X manages your email.

Company Y is a data broker (several of these exist already).

Company Z sells airline tickets.

Company X scrapes your email and sells information about you to Company Y to boost their bottom line. Company Z buys information from company Y to target their marketing efforts. Much of the adtech industry is based around interchange like this (but often with even more, and more confusing, layers).

Currently Google and Facebook are a bit different - they sell targeting profiles and serve the ads themselves, instead of directly selling your data - but it's worth thinking about how much you trust them to stay that way.

Just use secure e-mail. No company is selling my e-mail to anyone. Anyone can make this choice, and anyone can also host their own - either you get an unlimited mailbox for free, but of course your data is sold (they need to pay for it somehow), or you pay a few dollars and your data stays yours. It's your choice, we don't need regulations for that. I want to have that choice in my hands.
I don't think this solution works in the current economy - you would also have to refuse to ever exchange email with anyone using a monetized-data email service, i.e. Facebook, Google, etc. Given the wide market control these players have, most people would find it difficult to communicate. I think controls have to be legislated, as the EU has just done.
Or just use a secondary address. But yeah, you have to make a decision, either you really do care about your data, or you don't, just like the people who don't use FB today.

You shouldn't put the burden of your decision on others, others might not care about things you care as is apparent from GDPR. Anecdote: People on sites where I can see the numbers don't care about their data, they want the GDPR thingy away ASAP and will click on anything that makes it disappear, selling even more data than before in the process.

Including me. I despise the popups, it's extremely annoying. I protect myself technologically and with common sense, like my parents teached me to - I don't put personal information in places where I don't believe it's safe. It's that easy.

Agree with you for the most part, but the GDPR extends much further than that.

Even if you've accepted the default consent popup from a website, you can also revoke that consent in the future and request you be forgotten (either your data deleted or completely anonymised). Then there's the obligation of data breaches to be reported quickly, as well as being able to claim damages that result from said breaches.

That last bit will also incentivise companies to be more careful about how much data they can collect, and whether they'll even want to store it longer than absolutely necessary.

> Then there's the obligation of data breaches to be reported quickly, as well as being able to claim damages that result from said breaches.

Yes, this is the only part of GDPR that I support. The rest of what you wrote: Imagine that you're providing a service in exchange for money. Would it be fair for someone to demand money back after they consumed the service? If you do not wish someone to have your data, don't sell it to them.

> Imagine that you're providing a service in exchange for money. Would it be fair for someone to demand money back after they consumed the service?

Note I said delete or anonymise. The point is that the information shouldn't be personally identifiable once the person has asked to be forgotten (within reason of course - you still have to hold as much info as the law mandates whether that person likes it or not).

You're welcome to keep the anonymised data and do whatever ML or other analytics with it.

> If you do not wish someone to have your data, don't sell it to them.

There are plenty of services that gather far more information about you against your will than ordinary folk imagine, IIRC Google and Facebook's tracking of your activity via their ad networks even when you're not visiting pages on their domain. This isn't acceptable, and lots of ordinary people aren't savvy enough to use adblockers or script blockers, yet they never consented to that type of data collection.

The GDPR at least gives them some say in what happens to the data that was collected about them.

> Note I said delete or anonymise. The point is that the information shouldn't be personally identifiable once the person has asked to be forgotten (within reason of course - you still have to hold as much info as the law mandates whether that person likes it or not).

> You're welcome to keep the anonymised data and do whatever ML or other analytics with it.

Oh yeah, I saw the or, but one of the major points of collecting data is to better target ads to the person that created these data, and with this, this use case is eliminated. Yes, in some cases, it'd work, but I'm sure that there are many free services that depend on data about the person, not data in general. I agree that people should be informed, but if I build a service that is paid with data, the data should be mine. If I record you on camera while shopping in my shop, I should be free to do whatever I want with that. Given that you've been informed about recording before entering the shop, you had a choice to not use my services.

About FB/Google tracking on other sites - I think this should be responsibility of the site owner (ensuring you're informed), but other than that, it's the same - you are providing data to the site owner and the site owner is sending them to others; if you don't like it, you don't have to use their services.

We could've spent 10% of what we spent on GDPR on education about tracking and the result (if the goal was to reduce tracking) would be much better. Right now people are tracked more, from my personal experience.

> We could've spent 10% of what we spent on GDPR on education about tracking and the result (if the goal was to reduce tracking) would be much better. How do you know it would be much better?

How would you implement this exactly? The GDPR effectively has global reach as it doesn't apply only to EU citizens, and it's easier to implement one compliant system than have a separate one for non-EU data subjects.

What sort of timeframe and expenditure are we looking at for worldwide education surrounding tracking on the web and privacy? How do you plan to keep people up-to-date with the latest techniques Ad network deploy to defeat past best-practices?

In your example, what sort of recourse would exist for people who are currently privacy-minded, but not savvy enough to know someone's collecting more data than they'd actually have consented to (in your analogy, the equivalent of the Ad network sticking its fingers in people's wallets, taking what they're not entitled to)?

About half of the people I exchange email with are @gmail.com It means that Google reads and possibly sell half of my email conversations even if I don't use Google as email provider. The same probably happens to you. Our choice is limited to not to send email to people with some addresses. Tough luck.
Yeah, I know. However I'm pretty sure that you're not sending your personal identifying information to them. But yeah, minding your privacy often means discomfort, that's just how it is - again, same with people that don't like FB, but their friends use FB messenger. You can use encryption, btw.
My email address ends with @dotancohen.com, I'm known to be a privacy advocate (no facebook, twitter, whatsapp, etc), but if you send me an email Google _still_ will be able to access:

$ dig MX dotancohen.com | grep MX ; <<>> DiG 9.10.6 <<>> MX dotancohen.com ;dotancohen.com. IN MX dotancohen.com. 86381 IN MX 5 alt2.aspmx.l.google.com. dotancohen.com. 86381 IN MX 10 aspmx3.googlemail.com. dotancohen.com. 86381 IN MX 10 aspmx2.googlemail.com. dotancohen.com. 86381 IN MX 1 aspmx.l.google.com. dotancohen.com. 86381 IN MX 5 alt1.aspmx.l.google.com.

Google's services are so far superior to almost anything else that I cannot avoid them behind the scenes without severely undermining my ability to communicate reliably. Of course I'm familiar with Protonmail and Fastmail and I've run Debian web and mail servers and configured everything from qmail to sendmail, hand-writing SPF records, blacklists, etc etc.

And it's a constant battle. I need to be productive, I need to actually work, and I need time to be with the kids. Google handles my MX, Amazon my SMTP. And I'm done with it.

And even people who think that their data isn't going through Google when communicating with me, are having their data going through Google.

Well I think that the solution here would be to convince people to use encryption and make it easier for them, instead of giving them false hope like in your case.
Easy solution: sell the tickets at an inflated price normally, then give discounts to people who you think wouldn't buy otherwise. Require these people show their ID at check-in. This will cause people to willingly give over their data/identity in order to receive discounts - not realizing that if they acted as a class and bought anonomously they would recieve (on average) lower prices. Of course such class action is impossible because it will always benefit some segment to defect, which will inflate the price for the rest, causing more to defect.
I still don't get how they would get your data that you never entered into any system that sells them, or how they connect the two identities together.
There may be more than one airline, but quite often there is just a single airline that meets the criteria for the flight and service quality you require.

Even when there are competing companies, being able to accurately quantify how much are you willing to pay, would allow companies to always charge max price, just by setting their "normal prices" much higher and then offering you personalized "discounts".

With multiple companies buying your data from intermediary brokers, it would effectively become a way of per-customer price fixing, while at the same time reducing competition when only a single company gets your data and presents you with an offer you can (barely) accept.

> there is more than one airline, for example

True, but there could be a centralized market for data that all airlines buy from.

> But that's usually not the case: there is more than one airline, for example.

I am afraid we are moving to a world where that is somewhat the case. Not that there's a single airline, but where there's a single place to book an airline ticket, a single place to book accommodation, or a single place to book a taxi, for instance. The intermediary (e.g. Airbnb, Uber, etc.) can then jack up their commission as far as possible based on your profile. Users can't move because all suppliers are using that intermediary, and suppliers are forced to use that intermediary because that's where the clients are. Meanwhile, intermediary's are able to extract everything that's currently going into people's savings accounts.

Why are you assuming it will be used nefariously to price gouge? What if an air-plane taxi startup bought the data and offered you a ticket for cheaper than a normal airline ticket?
Then someone else would be price-gouged. No company is putting effort into harvesting or mining personal data without an expectation of ROI, and that comes by increasing revenue and decreasing costs. Perhaps costs would go down for some individuals, but there would be an increase in others’ costs to more than compensate.

Otherwise, the company is wasting money.

If you operate on the assumption that it's immortal if any profit isn't perfectly distributed according to your own personal sense of how much each person deserves to pay, you can't have a functioning market. Any system with non-zero overhead can't possibly price things purely on a cost+% basis.
The economy is not zero-sum. If you're getting offered airplane tickets for cheaper than what everyone paid, it's probably because the airline has extra seats available on the plane that would otherwise go unused. No airline would bump a passenger paying a higher fare in favor of a passenger paying a lower fare (barring PR disasters and such) - they'd be strictly losing money on that deal.

Offering an unused seat for less money because they have knowledge that you would buy it at a discount price makes everybody strictly better off - you gain a discount vacation at a price you otherwise couldn't get, they sell a seat that would they would otherwise waste, and the data broker who arranges the transaction takes a cut of the value generated by this transaction.

Such cases exist. I do not expect most corporations to primarily (and certainly not exclusively) use customer information to do so.
What's stopping that company from offsetting the cost by selling the data to less scrupulous third parties?
It's not always a zero-sum game.

Sure, there are cases of price discrimination - why would you sell a piece of data for $1 which allows a company to charge you $2 more for something you're going to buy.

But there's increases in efficiencies:

1) Get me to buy a similar product from competitor B instead of A since it's a better fit for my needs wherein I wouldn't have been aware of B

2) Show me fewer ads by showing me more relevant ads

But the bottom line is that it will always bias towards their interest in making money. It's just nice when it so happens to align with your interests in buying neat stuff.
You do realize that the collection and mining of data exponentially increases the chances that advertisers with your interests will be shown to you? That is exactly the point.
This is an economically well informed response so thanks for writing it.

The economist in me shakes my fist grumpily and says: You're contributing to an inefficient market by being opaque with your explicit preferences.

Your point however I think about companies not giving data back to you is an important one, because I think it's true in some ways and false in others. True in the sense that - lets use google for example - you don't know the exact composition for how they make decisions internally. However, I would guess that Google doesn't even know that.

Further, Google puts out a lot of information to shareholders and in their Annual reports, more data certainly about their finances than you send to Google - so it's not exactly the case that you aren't getting really good information on them. Not to mention the hundreds of articles daily on their current and future operations and products. I'd say you probably have more access to data about Google - in aggregate, if you want it - than they have on you.

The economist's dream is that we all know our own pricing sensitivities and desires for goods and services, share that with the market, and the market responds by providing those goods and services at marginal cost for a supremely efficient market. That's kind of the goal of economics - perfectly predict human desires and build systems to facilitate those.

You're response proves what we know however that individuals, companies or otherwise, are incentivised to not create efficient markets, but rather maintain information assymetries so that they can individually extract the most out of the market.

I guess that is to say, I had never thought about that from the perspective of the consumer wanting to maintain the information asymmetry, I had only ever thought about firms trying to maintain the information power. It's an interesting and different way to think about it. Thanks.

> You're contributing to an inefficient market by being opaque with your explicit preferences.

You don't make your preferences explicit in a market by selling them as data. You make your preferences explicit in a market by making trades. The prices at which you make the trades, and what you trade for, are the only information the market needs to be efficient. Which in itself makes the "let's pay customers for their data" line suspicious.

On the other hand, if some company have all my data and knows what I would need when I need it, it'd help me save tons of time browsing irrelevant information. I hope they can get better doing that. e.g. Yelp has tons of information about what restaurants I like and what I dislike, they still gives me tons of useless recommendations.
The risk associated with my data being collected is likely not worth what anyone is willing to pay for it, and I assume this is true for nearly everyone.
When given the choice, that's what you'd expect most people would think.

But when not given the choice, it turns out people are quite happy to give over their data in return for no payment.

Without knowing how companies actually use my data, I can't put a price tag on it myself.

That means I can only rely on the price put out by the companies that collect it, and if they collude to keep prices low, it doesn't matter if they're caught, because they already have the data.

I also don't know the entire network that my data transits with the amount of money that gets paid for data -- Google could sell to some small company which sells to an international company, which sells to a shell company and ends the trail for most of us.

I suspect that internet and real celebrities will be paid orders of magnitude more for their data anyway.

I had an evil idea once for a site where you got paid to supply information on other people. You create an account and narc on all your friends and family by telling the site what things they were interested in and what they have been talking about lately. The more money they make from targeted ads to that person, the more money you get paid :) Like I said, it is evil and no one should do it.
Uh, I have bad news. Zuck beat you to that one a while ago... (Except instead of getting paid you just get nagged if you don't narc.)
I generally agree with Weyl and Posner's position here in that we need to completely change people's perspective on the value of their data and how easily they give it away. So I don't want to distract from that point. However, I do want to also point out that data itself functions more like capital than it does like labour (although the act of providing data may be more similar to labour).

Capital is always the source of financial asymmetry between the labourers and the wealthy capital-owners. So instead of "selling" our data to companies for a fixed price, allowing them to exploit it forever, maybe we should be only renting companies the temporary right to use our data -- keeping the wealth asymmetry from growing.

what if blah blah blah blah
We've already asked you to please stop, so we've banned the account.
How do I get my account banned? I’ve been trying to delete it but can’t figure out how.
people are paid for their data, they get to use social media.
Doesn't seem like a good deal.
I'm already compensated for my data. I can use Facebook, read news websites, play games, and watch videos without taking out my credit card.

I have no other way to convert my data into dollars so this'll have to do.

If someone were to figure out the exact mechanics of this, then this could become universal basic income.

I have thought a lot about what trapped intangible value all of us have, such that ‘if’ there was a market for it, we could get paid. Our personal data, with opt-in volunteering, is certainly at the top of the list. The other potential personal markets that have very similar characteristics (to personal data), but don’t exist are:

1) Home equity: Americans have $6.2T in home equity that could be “sold”

2) Driving data: get paid for carrying free sensors so that one helps map the world, so we get to self driving sooner in more cities

3) Opinions: large scale polling for everything, from movie trailers to startup landing pages to new products/ads — everything

4) Fact checking: crowd sourced journalism; often Reddit crowds figure out the truth/source faster than pro journalists; there ought to be a market for “if I know something, Eg some insider info, I could improve on the state of public truth”

5) Goodwill: one of the most amazing things I stumbled upon was www.reddit.com/r/borrow; people ask for money and strangers give money; I would never have predicted this to exist. I believe goodwill and benevolence is one of the largest untapped markets.

There are probably several other (and better) examples: point is that royaltiess/annuities from such markets could be part of UBI in the future.

> If someone were to figure out the exact mechanics of this, then this could become universal basic income.

I believe that's what China's social credit system is doing. It's a very powerful idea, but also has some very dystopian undertones.

Any suggestions on good sources: Where can I learn more about it? (Thanks for the comment. Very curious to learn more.)
Part of the hypothesis of Document Coin [1] is that when people have “road feel” for the value of the information they share, they’ll be better able to prioritize their own privacy. Eg if you know some advertiser will pay you for personal data, you’re more likely to hold out for a better deal, and be picky about who you share with.

[1] https://www.wired.com/2014/07/document-coin

> I believe goodwill and benevolence is one of the largest untapped markets.

But the attitude that sees anything as a “market” is one that generally wants to relentlessly exploit them, which would pretty quickly destroy goodwill and benevolence.

Sell my data? That's ridiculous!

Leasing it for a defined period of time, that's plausible.

They already are, essentially, in-kind—-with “free” software and services like gmail, fecebook, instaglam, etc etc
Your data by itself is basically worthless. Your data combined with Google's algorithms to extract meaning is worth all the services they provide.
They already are with free apps and services.
I don’t want money in exchange for my data. I just want genuine anonymity except where I say otherwise.
this is a huge use case for blockchain. Just try Brave browser to see for yourself
How much is it worth and who will pay and how will I collect it.
What worries me is that we are always surprised how our data can be used. You may agree on something you think you understand and indirectly agreed to something else.